Hack a Day » toorcon

ToorCamp call for papers/participation

Eliot — Mon, 30 Mar 2009 01:30:18 +0000

We’ve been watching and waiting intently as ToorCamp comes together. It’s a four day hacker conference that will be held in a Washington state missile silo July 2nd-5th. While we’re excited about this debut event, its success depends entirely on those presenting. The call for papers is currently open and they’ve got a number of formats available: 20 and 50 minute talks and 1 and 2 day workshops. They’re also looking for people to organize campsites and are offering discounts for groups. We’re encouraging you to submit your talk since we’d love to see more hardware talks. You can follow @ToorCamp announcements on Twitter.

Posted in cons, security hacks

ToorCamp 2009 to be held at missile silo

Eliot — Wed, 04 Feb 2009 01:22:18 +0000

After running a successful hacker convention for ten solid years, the people who brought you ToorCon are planning a new event to shake up the US hacker scene. ToorCamp will be held July 2nd-5th, 2009 at a former missile silo in central Washington state. Hackers will camp on-site for two days of talks followed by two days of workshops. Art and music events are planned for every night. Camps like this are already help biannually in Europe: What the Hack in 2005, Chaos Communication Camp 2007, and Hacking at Random 2009, coming this fall. The complex is one of three Titan 1 missile complexes in the Moses Lake area. The sites were in operation less than three years between 1962 and 1965. The former missile command center has been converted to a secure data center run by Titan I, LLC. ToorCamp promises to be a very unique experience and we’re looking forward to attend this and future years.

Posted in cons, news

ToorCon preregistration ends today

Eliot — Fri, 12 Sep 2008 23:09:47 +0000

Preregistration for ToorCon San Diego ends today. The current price is $100 and it will be $140. This is the 10th year for the San Diego hacker convention which will happen September 26th – 28th. The schedule for ToorCon X has already been posted. We highly recommend this convention. We’ve attended the last four years and it’s always been a favorite.

Upcoming events

Eliot — Mon, 18 Aug 2008 05:31:00 +0000

It looks like it’s time to update our event list. Here are some hacking related events happening through the rest of the year.

ToorCon September 26-28 San Diego, CA – In its tenth year, ToorCon has always been one of our favorites. The conference is fairly small, but features great content like last year’s fuzzing talk.
Arse Elektronika (NSFW) September 25-28 San Francisco, CA – Happening the same time as ToorCon, this conference covers the sexual side of human and machine interaction. The device list has gems like The Seismic Dildo, which only turns on if there is seismic activity in the world.
Maker Faire October 18-19 Austin, TX – It’s Maker Faire! In Texas!
Roboexotica December 4-7 Vienna, Austria – The premier festival for cocktail robotics is also back for the tenth time. They’re always looking for more exhibitors. Check out our Hackit for ideas.
25C3 December 27-30 Berlin, Germany I think we pretty much covered all the bases on this incredible conference yesterday.

Did we miss anything?

ToorCon Seattle 2008: Lightning talks

Eliot — Wed, 23 Apr 2008 00:00:00 +0000

The second ToorCon Seattle got off to a quick start last Friday with a round of Lightning Talks at the Public Nerd Area. Each talk was limited to 5 minutes and covered a broad range of topics. Some talks were just supplying a chunk of information while others were a call to action for personal projects. Here are a few of the talks that we found interesting.

[I)ruid] opened with an explanation of his handle, since he catches a lot of flak for it being l33tsp34k (that’s supposed to be a capital ‘I’). The name has actually proven to be quite fun since it has broken a few systems that aren’t sanitizing input properly. Registering at Black Hat 2006 caused a database error. At the ShmooCon hacker arcade, he entered his player name and was dropped directly to a root shell. It’s also rather hellish on many webapps. His point was: why not choose a l33t name and have the fun of fuzzing all the time and breaking stuff even when you aren’t trying?

[nous] gave a quick plug for Ninja Network’s phreaking contest. Last year at Defcon was the first event they held. The first task was to use a butt set on a 25 pair block to find usable line. Once the random line was found they were dropped into a voice mail system to explore. The backend for the contest is Asterisk plus some custom Perl scripts. You can catch a preview version of this contest next month at LayerOne.

[jrandom] talked about how scratch-off cards can be gamed. Using a bright light or a resurfacing pen can help you with games that require a certain scratch order. Other cards can be identified by telltale signs they pick up during their production. Winners and losers are usually produced in two separate batches. Cards from each group will have the same cut quality, alignment flaws, printing color, and even the font could change. Sometimes the cards even have coding on them to indicate the winners (could be a simple as a W and L). All this is great, but the manufacturer might be doing this intentionally just to get attention.

[Travis Goodspeed] gave a brief introduction to reversing the Econolite ASC/3 traffic light controller for compatibility. It’s a PowerPC box running VxWorks 5.x and has snmp and FTP support. The FTP provides simple anonymous access. All of the control values are stored in the ASC3.DB binary file that’s checksummed. [Travis] built a way to describe a binary file structure as XML and generate libraries for reading the binaries natively in multiple languages.

We also thought [Dean Pierce]‘s network pentesting visualization framework was interesting. [Joel Voss] was attempting to write a softphone for the IAX2 protocol and ended up DOSing Asterisk. 30kB from the attacker could cause a massive amount of packets from Asterisk. He now has a framework for testing all aspects of the protocol.

ToorCon 9: Retrieving WEP keys from road warriors

Eliot — Wed, 24 Oct 2007 03:45:00 +0000

[Vivek Ramachandran]‘s Cafe Latte attack was one of the last talks we caught at ToorCon. I’ve found quite a few articles about it, but none really get it right. It’s fairly simple and deals with cracking WEP keys from unassociated laptops. First your WEP honeypot tells the client that it has successfully associated. The next thing the client does is broadcast a WEP encrypted ARP packet. By flipping the bits in the ARP packet you can replay the WEP packet and it will appear to the client to be coming from an IP MAC combo of another host on the network. All of the replies will have unique IVs and once you get ~60K you can crack it using PTW. The bit flipping is the same technique used in the fragmentation attack we covered earlier, but Cafe Latte requires generation of far fewer packets. You can read about the Cafe Latte attack on AirTight Networks.

ToorCon 9: URI use and abuse

Eliot — Mon, 22 Oct 2007 03:50:00 +0000

[Nathan McFeters] and [Rob Carter] gave a presentation on the problems with URI handling. URIs are used to send commands to external applications from a web browser. itms:// for iTunes for example. Any application that registers a URI has the potential to be abused through this route. For their first example they showed a stack overflow in Trillian’s AIM handling. The next demo created a “Critical Update Available” button on Picasa’s interface. When the user clicked it, their photos would be uploaded to the attacker’s server. They even display a “download progress” bar to encourage the user to keep the connection open. You can read about the attack on cocontributor Billy Rios’s blog.

Dan Kaminsky’s Cryptomnemonics

Eliot — Fri, 27 Oct 2006 07:33:00 +0000

Our buddy Dan Kaminsky gave an interesting talk at Toorcon. This is just one part where he talks about a novel way to help the user remember SSH keys by converting them to couples names. You can get it in high quality here. 17 minutes long. Thanks to Fabienne for shooting the video.

WiCrawl – Next-gen WiFi auditor

Eliot — Sun, 15 Oct 2006 10:45:00 +0000

At ToorCon, our friends at Midnight Research Labs released a new automated WiFi auditing tool called WiCrawl. WiCrawl automatically scans for accesspoints. Once an AP is discovered a number of plugins can be run against it ranging from getting an IP to breaking encryption. Aaron Peterson’s talk and demo is 50mins. You can download the 640×480 170MB .mov version here. The tool is going to be included in the next BackTrack CD.